Chasing Linux mount point indirection

It can be a challenge to track down what mount point on a Fedora/RHEL Linux box belongs to which physical disk partition when there are several layers of indirection including Logical Volume Manager, Encrypted Disks and UUIDs. Fortunately, the computer does it for us most of the time. But when I, as a human being, needed to step in and figure it out, Google came to the rescue. Here are my old notes.

cat /etc/fstab (my transcription of the info):
 / is /dev/VolGroup00/LogVol00
 /home is /dev/mapper/luks-625f820f-1aba-45b3-aacd-4d17dcc9240a
 swap is /dev/mapper/luks-a9362b00-c1c6-470f-9b5b-4e062d96ff10

cat /etc/crypttab:
 luks-625f820f-1aba-45b3-aacd-4d17dcc9240a UUID=625f820f-1aba-45b3-aacd-4d17dcc9240a none

sudo blkid
 /dev/mapper/VolGroup00-LogVol02: UUID="625f820f-1aba-45b3-aacd-4d17dcc9240a" TYPE="crypt_LUKS"

sudo lvscan
 ACTIVE '/dev/VolGroup00/LogVol02' [363.09 GB] inherit

sudo pvscan
 PV /dev/sda2 VG VolGroup00 lvm2 [465.66 GB / 0 free]
 Total: 1 [465.66 GB] / in use: 1 [465.66 GB] / in no VG: 0 [0 ]

sudo fdisk -l
 Device Boot      Start         End      Blocks   Id  System
 /dev/sda2           14       60801   488279610   8e  Linux LVM

I don’t like chasing down that many levels of indirection, so I normally try to simplify things on a desktop system by not using LVM.
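The chain traced by hand above (mount point, LUKS mapping, logical volume, volume group, physical partition) can be followed mechanically. This is an added example, not part of the original notes: the inputs are constructed from the output quoted above (the fstab lines are rebuilt from the transcription, with filesystem type and options assumed), and `vg_of` and `resolve` are names made up for illustration.

```python
import re

# Constructed inputs: the page's transcription rewritten as fstab lines, plus
# the crypttab, blkid and pvscan lines quoted above.
FSTAB = """\
/dev/VolGroup00/LogVol00 / ext4 defaults 1 1
/dev/mapper/luks-625f820f-1aba-45b3-aacd-4d17dcc9240a /home ext4 defaults 1 2
"""
CRYPTTAB = "luks-625f820f-1aba-45b3-aacd-4d17dcc9240a UUID=625f820f-1aba-45b3-aacd-4d17dcc9240a none\n"
BLKID = '/dev/mapper/VolGroup00-LogVol02: UUID="625f820f-1aba-45b3-aacd-4d17dcc9240a" TYPE="crypt_LUKS"\n'
PVSCAN = "  PV /dev/sda2 VG VolGroup00 lvm2 [465.66 GB / 0 free]\n"


def _rows(text):
    """Split a whitespace-separated table into fields, skipping blank lines."""
    return [line.split() for line in text.splitlines() if line.strip()]


def vg_of(dev):
    """Return the volume group of an LV path, or None if dev is not an LV path.
    /dev/mapper names join VG and LV with '-', doubling any '-' inside a name."""
    if dev.startswith("/dev/mapper/"):
        parts = re.split(r"(?<!-)-(?!-)", dev[len("/dev/mapper/"):], maxsplit=1)
        return parts[0].replace("--", "-") if len(parts) == 2 else None
    parts = dev.split("/")                      # /dev/<VG>/<LV>
    return parts[2] if len(parts) == 4 else None


def resolve(mount_point):
    """Follow mount point -> fstab device -> LUKS backing device -> VG -> PVs."""
    fstab = {f[1]: f[0] for f in _rows(FSTAB)}
    crypt = {f[0]: f[1] for f in _rows(CRYPTTAB)}
    by_uuid = {u: d for d, u in re.findall(r'^(\S+):.*?\bUUID="([^"]+)"', BLKID, re.M)}
    pvs = {}
    for pv, vg in re.findall(r"PV (\S+)\s+VG (\S+)", PVSCAN):
        pvs.setdefault(vg, []).append(pv)

    dev = fstab[mount_point]
    chain = [mount_point, dev]
    name = dev.rsplit("/", 1)[-1]
    if name in crypt:                           # dm-crypt layer: name -> backing device
        dev = crypt[name]
        if dev.startswith("UUID="):
            dev = by_uuid[dev[5:]]
        chain.append(dev)
    vg = vg_of(dev)
    if vg in pvs:                               # LVM layer: VG -> physical volumes
        chain.append("VG " + vg)
        chain.extend(pvs[vg])
    return chain
```

On a live system with a recent util-linux, `lsblk -s /dev/mapper/<name>` prints the same chain from the mapped device down to the disk.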

Why Linux?

I’ve acquired a used desktop computer with 6GB RAM, and I’ve been trying to figure out whether to put Linux or Windows 7 on it in the long term. I’d like it to be useful to the whole family.

Windows 7 is great for playing DVDs, Youtube movies, doing Netflix streaming, games, printing to our aging Kodak EasyShare 5100 printer, syncing with my iPod Touch, and it has a fantastic photo screensaver. Some of our favorite applications are available for Windows, but not Linux.

Windows has great parental control software available — via its built-in controls, or via third party software. We limit the amount of time our children can be on the computer each day, and we limit the kinds of websites they can visit.

Linux, on the other hand, costs less and supports the sound card and the graphics card better than Windows. And much to my surprise, Linux now supports our Kodak printer (but not its scanner).

There are several Linux distributions available, and I’ve tried Fedora 17 and Ubuntu 12.04 on this machine in their 64 bit variants. Both are well supported by a vibrant community and by commercial companies.

Fedora doesn’t play DVDs, has trouble with some Youtube videos, can’t stream Netflix, doesn’t have parental controls, doesn’t sync with my iPod Touch, and doesn’t even include a screensaver — just a screen blanker (thanks to the unfinished state of its shiny new-and-highly-immature desktop, Gnome 3). It’s possible to rectify many of these limitations, but it takes time to find and configure the software. Netflix streaming isn’t an option. Getting a photo screensaver requires the use of an alternate desktop environment, like KDE or XFCE. In short, Fedora isn’t family desktop ready.

Ubuntu has most of the same limitations as Fedora, but its desktop experience is more polished and the online help is phenomenal. The Ubuntu Software Center not only has application ratings, but can also recommend other apps. Ubuntu automatically told me there were proprietary ATI drivers available, and it was painless to switch to them, with enough improvement in accelerated performance to make it worthwhile. Ubuntu has parental controls in the form of Gnome Nanny, but it doesn’t work with 64 bit Linux, although a web browser extension is an option.

So why do I bother with Linux? It’s an exceedingly useful swiss army knife, runs blazingly fast, and doesn’t slow down over time when software is added. I’m heavily invested in it, and it gives me a technical edge in the workplace. There are thousands of interesting tools that are easy to install — Inkscape, Gimp, meld, Chromium and others. Linux has full featured, freely available development tools for C, C++ and Java — not crippled ones. And it’s multi-user enabled via ssh, remote-X, vncserver, or NX server. Mail servers, web servers and other servers work extremely well. With Linux, it’s easy to see what application or service is slowing down my computer with ‘top’ or ‘iotop’, whereas in Windows, it’s obscured because services run as threads in svchost. I love Linux Live CDs for troubleshooting computer problems, testing hardware and internet connections, and for recovering data from broken Windows installs.

So Linux is great for me as a software developer, but I’m not convinced that Ubuntu, Fedora or any other Linux distribution deserves to be a family desktop environment.

 

Linux tty auditing

Since RHEL 5.4, and in recent Fedora releases, it’s possible to audit what users type at their tty (command prompt), thanks to the work of Steve Grubb, a RedHat employee.

Edit /etc/pam.d/system-auth and append one of the following lines, but not both:

session required pam_tty_audit.so disable=* enable=root
session required pam_tty_audit.so enable=*

Wait for users to log in and type into a terminal. Later, to see audited tty input, run:

aureport --tty

When a user logs in, the pam module tells the kernel to enable tty auditing for a process and its children. All tty input is logged, but it may not be incredibly easy to read (it includes backspaces, control characters, etc.). I’m unclear as to when and how often the kernel flushes out accumulated tty input to the audit log. The records are identified with a type of TTY in /var/log/audit/audit.log.

In addition to tty auditing, RedHat patched their bash shell so that it neatly audits each and every command line it executes, with a record type of USER_TTY. It’s prettier to read than raw tty auditing — and it’s easy for a user to bypass by using a shell that doesn’t send its commands to the Linux audit system, like zsh, or a custom-built unpatched bash. Maybe that’s why “aureport --tty” doesn’t show USER_TTY records.
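The raw TTY records are hard to read because the `data=` field holds the keystroke buffer as hex, control characters included. The following added example (not from the original post) decodes such records, shows control bytes visibly, and approximates the submitted command line by applying erase keys. The sample log lines are constructed, and `show`, `replay` and `tty_report` are hypothetical helper names.

```python
import re

# Constructed sample lines in the layout of type=TTY records in audit.log;
# the data= field is the hex-encoded keystroke buffer.
SAMPLE_LOG = """\
type=TTY msg=audit(1300000000.100:71): tty pid=2501 uid=0 auid=1000 ses=3 major=136 minor=0 comm="bash" data=6C73202D6C610D
type=USER_LOGIN msg=audit(1300000001.000:72): pid=2490 uid=0 auid=1000 ses=3 msg='op=login'
type=TTY msg=audit(1300000002.200:73): tty pid=2501 uid=0 auid=1000 ses=3 major=136 minor=0 comm="bash" data=63617420736861646F777F7F7F7F7F7F2F6574632F686F7374730D
"""
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
NAMES = {0x08: "<BS>", 0x09: "<TAB>", 0x0A: "<LF>", 0x0D: "<CR>", 0x1B: "<ESC>", 0x7F: "<DEL>"}


def show(raw):
    """Render keystrokes with control bytes made visible (<CR>, <DEL>, <^C>, ...)."""
    def one(b):
        if b in NAMES:
            return NAMES[b]
        if b < 0x20:
            return "<^%c>" % (b + 0x40)
        return chr(b) if b < 0x7F else "<%02X>" % b
    return "".join(one(b) for b in raw)


def replay(raw):
    """Approximate the submitted lines by applying erase keys.
    Cursor movement, history recall and tab completion are not modelled."""
    lines, cur = [], []
    for b in raw:
        if b in (0x08, 0x7F):          # backspace / delete
            if cur:
                cur.pop()
        elif b == 0x15:                # Ctrl-U: erase line
            cur = []
        elif b in (0x0A, 0x0D):        # Enter
            lines.append("".join(cur))
            cur = []
        elif 0x20 <= b < 0x7F:
            cur.append(chr(b))
    return lines + (["".join(cur)] if cur else [])


def tty_report(log_text):
    """Return (auid, uid, comm, visible, replayed) for each type=TTY record.
    auid is the login identity and stays fixed across su/sudo; uid is the current one."""
    rows = []
    for line in log_text.splitlines():
        if not line.startswith("type=TTY "):
            continue
        rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
        try:
            raw = bytes.fromhex(rec.get("data", ""))
        except ValueError:             # truncated or non-hex data field
            continue
        rows.append((int(rec["auid"]), int(rec["uid"]), rec["comm"], show(raw), replay(raw)))
    return rows
```

Calling `tty_report(open("/var/log/audit/audit.log").read())` as root gives the same view of real records; the visible form is the evidence, the replayed form is only a reading aid.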

---

The Linux auditing system is powerful. It’s possible to write rules that watch for modification to certain files, or that log the use of certain system calls. See the “audit.rules” manpage for more information.

Gnome 3: Not quite ready for prime time

Just over a week ago, I installed Fedora 15. After using Gnome 3 for two days, I decided that I’m better off using Gnome 2, KDE or XFCE.

With Gnome 3, I like the ability to type the name of the application I want to run instead of hunting for it in a menu. This is a feature I’ve enjoyed for the past five years with Windows Vista, so it’s refreshing to finally have it appear in Gnome.

With Gnome 3, however, I miss the following:

  1. A system monitor applet. When my system starts to feel slow, I pay attention to CPU and I/O wait overhead.
  2. Multi-monitor support when changing workspaces. When I move to a new workspace, Gnome 3 only moves one of my two screens to a new workspace. The other stays the same.
  3. Quick launch icons. I use them for Firefox, gVim, Eclipse, and other frequently used apps.

I expect that Gnome 3 will be improved rapidly, and Fedora 16’s Gnome 3 will be more productive.

Update: There’s a list of ways to tweak Gnome shell to make it almost bearable: http://forums.fedoraforum.org/showthread.php?t=263006. In particular, by installing and using “gnome-tweak-tool”.

Fedora 14, SSH ports and SELinux

SELinux in Fedora 14 is configured to constrain the ports on which SSH can listen (see the bug report). The solution:

setsebool -P sshd_forward_ports 1

This allows SSH to listen on ports besides 22, and to forward ports. Reading the bug report is interesting. In my opinion, OpenSSH has an outstanding security track record, and we probably don’t need additional SELinux policy to constrain it. It’s probably wise to practice security in-depth (to have more than one line of defense), but it creates a large road bump for most SSH power users. From what I read, it sounds like most people still disable SELinux.

Miscellaneous Linux tips and tricks

Gnome Key Bindings and IntelliJ IDEA

IntelliJ IDEA key bindings conflict with Gnome’s window manager. In IDEA, I can type CTRL-B to jump to a symbol definition. Normally, I’d type CTRL-ALT-LEFTARROW to navigate back to where I had come from. Gnome’s MetaCity intercepts that key mapping before IDEA sees it, and tries to move my desktop to the left. There are several other Gnome/Metacity key bindings that conflict with IntelliJ IDEA. Rather than remap the keys in Gnome, I found that on Fedora, I could add the Windows key to the mix, and Gnome would ignore it, and pass it along to IDEA. This means that I can type CTRL-ALT-WINDOWS-LEFTARROW to navigate backward, and so forth.

Unfortunately, this doesn’t work in RHEL 5 and CentOS 5. The solution is to go to the Gnome menu bar and select System > Preferences > Keyboard (not Keyboard Shortcuts). Then select the “Layout Options” tab, and expand the “Alt/Win key behavior”. Then I select “Super is mapped to the Win-keys”.

Every time I log in after that, Gnome tells me that my X keyboard settings conflict with my Gnome Keyboard settings, and it asks which I want to use. Selecting the Gnome settings is what I want.

Bandwidth limiting downloads with ‘curl’ or ‘wget’

When downloading a large file, it’s nice to be polite to others on the network, so I use the --limit-rate option for curl and wget:

* curl -O --limit-rate 20k http://server.com/linux.iso
* wget --limit-rate=20k http://server.com/linux.iso

GDB TUI (text user interface)

After starting gdb, it’s possible to switch to its text user interface with CTRL-X, CTRL-A. Typing it a second time exits TUI mode.

Vim C++ Auto completion with ctags

I appreciate full blown IDEs in Linux, but I like the quick start up time of vim. Until recently though, I didn’t have C++ auto completion (also known as vim omni completion).

This got me up and running, and was a great resource:
http://vim.wikia.com/wiki/C%2B%2B_code_completion

This would have been useful if I was a newcomer to vim and ctags:
http://www.justlinux.com/nhf/Programming/Introduction_to_C_Programming.html

xdg-open, gnome-open, start, cygstart

How to easily open files and URLs from the command line
http://www.dwheeler.com/essays/open-files-urls.html

  • Linux: xdg-open filename_or_URL
  • Linux: gnome-open filename_or_URL
  • Mac: open filename_or_URL
  • Windows: cmd /c start filename_or_URL
  • Cygwin: cygstart filename_or_URL

Nomachine NX and ALT-TAB

I use the Nomachine NX client from time to time to get a remote-desktop like connection to a remote Linux machine. It’s faster than VNC, but it suffers from not forwarding all of my keyboard shortcuts to the remote end of the connection.

Usually, I start the nxclient from within a Gnome login session. Gnome happily grabs ALT-TAB before the NX client gets to see it. That’s not what I want. To work around this limitation, I log into a virtual terminal, and start X manually as follows:

Type CTRL-ALT-F2
Login
Run: startx -- :1 gnome-terminal

From the gnome-terminal, run: nxclient

And then I connect to the remote machine in full screen mode. There’s no local window manager to interfere with my keyboard shortcuts.

Remote desktop and dual screens

I’ve been using Remote Desktop to connect to Windows XP, Vista and 7 machines. Until Windows 7, there was no way for a local computer having dual monitors to connect and have the remote end display across both monitors.

So I used Linux’s ‘rdesktop’ program to do it:

rdesktop -0 -a16 -f -rdisk:CLIENT=/home/jared/Desktop -r sound remote.host.com

I notice that in Windows 7, there are some new options in the Remote Desktop client (mstsc.exe): /multimon and /span. Or run mstsc /? to list all possible options.

Editing windows registry files on Linux

Use Gedit: gedit --encoding=UTF-16LE myfile.reg

Gvim: LANG=UTF-16LE gvim myfile.reg

If already in gvim: :e! ++enc=utf-16le
or :e ++enc=utf-16le myfile.reg

Convert, edit, convert:

iconv -f UTF-16LE -t utf-8 myfile.reg > myfile.reg.utf8

Edit myfile.reg.utf8, then convert it back

iconv -f utf-8 -t UTF-16LE myfile.reg.utf8 > myfile.reg


How Firefox opens files and mime types

I needed to give Firefox some extra help knowing how to open a custom file type with a custom application. Here’s some helpful information.

https://developer.mozilla.org/en/How_Mozilla_determines_MIME_Types

Firefox uses mime.types on Linux, as well as other things. I helped Firefox by adding the mime type to the link in the generated HTML file. Either one of the following seems to work:

* <a href="file:subdir/file1.cst" type="application/octet-stream"> open file </a>
* <a href="file:subdir/file1.cst" type="application/x-extension-cst"> open file </a>

f-spot and sqlite

I recently tried using Linux [f-spot](http://f-spot.org/), with the intent to make it easier to browse, manipulate, manage and publish my photos. I wanted f-spot to manage my photo screen saver as well. f-spot seems to be good at importing photos, but getting photos removed is a bit more difficult.

I organize my photos by date in a directory structure such as “2010/2010.01.01 New Years Day”. The “2010” directory contains several sub directories. Each sub directory consists of a date and a description. If, for some reason, I import photos into f-spot that I don’t want in its database, I know what directory the photos pertain to. Unfortunately, F-spot doesn’t allow me to remove photos from its catalog by filename or file path. That’s okay though, because it stores its database using sqlite.

I figured this out by running lsof -p pid-of-f-spot, and noticed a file descriptor opened to “/home/jared/.config/f-spot/photos.db”. Then I ran file ~/.config/f-spot/photos.db and it helpfully told me that it is a “[SQLite](http://www.sqlite.org/) 3.x database”.

After a bit of google research, I figured out I could install a SQLite manager on my Fedora system: yum install -y sqliteman, followed by running sqliteman ~/.config/f-spot/photos.db. I was expecting to see a command-line client, but to my surprise, I found a pleasant graphical interface. It was simple to browse the table schema and to run queries to update and morph the f-spot photo database. Note: I’d recommend making a backup copy of the database before altering it.

F-spot may not be everything I want it to be, but I managed to work past its limitations due to the fact that it used a well known, open data storage format.

Using rsync with SELinux

Last week, I needed to move /home from one Fedora computer to another, and I used rsync over ssh to move the data.

On the new system, I noticed that procmail didn’t seem to be working, and neither did Dovecot. Nor could apache serve up my files. This had all been working on my previous Fedora system, which was running SELinux, as was my new system. What had happened?

I hadn’t told rsync to bring across the SELinux file contexts, which are stored in extended attributes. Here is the rsync option I should have used:

-X, --xattrs

I could have used ‘tar’ to move my home directory as well. In that case, I would have needed one of the following options: `--selinux` or `--xattrs`

I resolved my SELinux issues using the excellent [SETroubleShoot](https://fedorahosted.org/setroubleshoot/), which explained what commands to run to restore the proper SELinux contexts on various files.

SELinux requires time to tune, and I use it because it enhances the security of my linux system, which serves up content over HTTP (Apache), IMAP (dovecot) and CIFS (Samba).

Fedora 11 and Virtualization (KVM)

I’ve recently upgraded another computer from Fedora 9 to Fedora 11, and I’ve decided to try the built-in [KVM](http://en.wikipedia.org/wiki/Kernel-based_Virtual_Machine) (i.e. Applications -> System Tools -> [Virtual Machine Manager](http://virt-manager.et.redhat.com/)). I wanted a virtual machine that had bridged mode networking, but it wasn’t available by default. To get it as an option, I disabled SELinux (not sure if it was necessary), followed [some special instructions](http://wiki.libvirt.org/page/Networking#Fedora.2FRHEL_Bridging) to setup a bridged interface, and restarted my network and libvirtd.

Now I’ve got a working guest OS inside of KVM, and I like it. The guest OS feels snappy and responsive.

Update: KVM and the accompanying tools aren’t as mature as VirtualBox or VMWare. E.g. I didn’t see how to get my USB flash drive to be recognized by a KVM guest OS. At one point, I tried to use VirtualBox at the same time as KVM. VirtualBox told me I needed to disable the KVM kernel module before using VirtualBox.

My impressions of Fedora 11

Here’s my take on installing Fedora 11, which was released June 9, 2009. I chose not to do an upgrade as I often do. Instead, I did backup, followed by a fresh install, preserving my /home partition, but wiping out the other partitions. Then I used [`meld`](http://meld.sourceforge.net/) to restore my configuration files in /etc — such as ssh server keys, printer settings and file system mounts. I found that I had to use the kernel boot option `nomodeset` in order to avoid system lockups. Overall, I’ve been pleased with my Fedora 11 experience, despite the bumps.

Fedora 11 useful resources:

– [Release Notes](http://docs.fedoraproject.org/release-notes/f11/en-US/)
– [Common Bugs](http://fedoraproject.org/wiki/Common_F11_bugs), with workarounds.
– [Fedora Guide](http://www.fedoraguide.info/), explaining how to configure a Fedora system.

Pre-install:

– `cp -a /etc /home/backup/etc`
– `cp -a /root /home/backup/etc`
– backup /home
– booted the LiveCD to make sure it would detect my hardware and run

Install

– I decided to preserve my partition layout, which isn’t the default option upon fresh install
– Didn’t delete my `/home` partition.
– Reformatted all other partitions, with “/” as ext4

Post-install:

– Had to enable eth0 in NetworkManager, and make “enabled” the default.
– `yum install -y meld nautilus-actions nautilus-open-terminal vim-X11 zsh screen mc rdesktop`
– `meld /home/backup/etc /etc`
– Restored /etc/ssh settings
– Restored /etc/cups printer settings
– Checked /etc/fstab differences
– Installed [NX Server](http://www.nomachine.com/)

Pleasurable:

– Bootup is very pleasant, and seems faster. 30 seconds boot. 17 seconds login. 14 second shutdown. This is on an AMD Athlon 2400 MHz Sempron with an ATI video card.
– Artwork is top notch (backgrounds on login screen and default wallpaper)

Pain points:

– Unavailable extensions for Thunderbird 3.0
— Enigmail
– Unavailable extensions for Firefox 3.5
— Aardvark
— QuickProxy
– Computer locked up every few hours until I added `nomodeset` to my kernel settings in /etc/grub.conf.